Token-Based Payment Processing System

1. A first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer, the method comprising the steps of: (a) the first computer receiving information for performing a transaction, the information including confidential information manually entered by a user; (b) the first computer sending the confidential information to a third computer, wherein step (b) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); (c) the first computer receiving, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein step (c) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); and (d) the first computer sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token, wherein step (d) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).

2. The invention of claim 1 , wherein the first computer comprises: a first software program adapted to interface with the second computer; and a second software program different from the first software program, the second software program adapted to interface with the third computer but not the second computer.

3. The invention of claim 2 , wherein: step (a) comprises: (a1) the first software program receiving the information for performing the transaction, except for the confidential information; and (a2) the second software program receiving the confidential information manually entered by the user; step (b) comprises the second software program sending the confidential information to the third computer; step (c) comprises the second software program receiving the token from the third computer; and step (d) comprises the first software program sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.

4. The invention of claim 3 , further comprising the second software program buffering the token in a buffer, wherein, prior to step (d), the user pastes the token from the buffer into an entry field of the first software program.

5. The invention of claim 4 , wherein the buffer is an operating-system clipboard of the first computer.

6. The invention of claim 3 , wherein substep (a2) comprises the second software program receiving the confidential information by means of the user typing the confidential information into an entry field of a window displayed by the second software program.

7. The invention of claim 2 , wherein: step (a) comprises the first software program receiving the information for performing the transaction, including the confidential information; step (b) comprises: (b1) the second software program receiving the confidential information from the first software program by inspecting an entry field of a window of the first software program that includes the confidential information; and (b2) the second software program sending the confidential information to the third computer; step (c) comprises: (c1) the second software program receiving the token from the third computer; and (c2) the second software program replacing the confidential information in the entry field of the window of the first software program with the token; and step (d) comprises the first software program sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.

8. The invention of claim 1 , wherein the first computer comprises: a software program adapted to interface with the second computer; and a packet inspector adapted (i) to receive packets from the software program, (ii) to forward the packets to the second computer, and (iii) to selectively modify one or more of the packets prior to forwarding the packets to the second computer.

9. The invention of claim 8 , wherein: step (a) comprises the software program receiving the information for performing the transaction, including the confidential information; step (b) comprises: (b1) the packet inspector receiving one or more packets of data from the software program, including the confidential information; and (b2) the packet inspector sending the confidential information to the third computer; step (c) comprises: (c1) the packet inspector receiving the token from the third computer; and (c2) the packet inspector modifying the one or more packets of data by replacing the confidential information in the one or more packets of data with the token; and step (d) comprises the packet inspector sending to the second computer the one or more modified packets of data, wherein the one or more modified packets of data include (i) the information for performing the transaction, except for the confidential information, and (ii) the token.

10. The invention of claim 9 , wherein the packet inspector is a dedicated hardware appliance having a processor different from a processor executing the software program.

11. A first computer for preventing the transmission of confidential information to a second computer in communication with the first computer, the first computer adapted to: (a) receive information for performing a transaction, the information including confidential information manually entered by a user; (b) send the confidential information to a third computer, wherein step (b) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); (c) receive, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein step (c) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); and (d) send to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token, wherein step (d) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).

12. The invention of claim 11 , wherein the first computer comprises: a first software program adapted to interface with the second computer; and a second software program different from the first software program, the second software program adapted to interface with the third computer but not the second computer.

13. The invention of claim 12 , wherein: step (a) comprises: (a1) the first software program receiving the information for performing the transaction, except for the confidential information; and (a2) the second software program receiving the confidential information manually entered by the user; step (b) comprises the second software program sending the confidential information to the third computer; step (c) comprises the second software program receiving the token from the third computer; and step (d) comprises the first software program sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.

14. The invention of claim 13 , wherein the second software program is adapted to store the token in a buffer, wherein, prior to step (d), the user pastes the token from the buffer into an entry field of the first software program.

15. The invention of claim 14 , wherein the buffer is an operating-system clipboard of the first computer.

16. The invention of claim 13 , wherein substep (a2) comprises the second software program receiving the confidential information by means of the user typing the confidential information into an entry field of a window displayed by the second software program.

17. The invention of claim 12 , wherein: step (a) comprises the first software program receiving the information for performing the transaction, including the confidential information; step (b) comprises: (b1) the second software program receiving the confidential information from the first software program by inspecting an entry field of a window of the first software program that includes the confidential information; and (b2) the second software program sending the confidential information to the third computer; step (c) comprises: (c1) the second software program receiving the token from the third computer; and (c2) the second software program replacing the confidential information in the entry field of the window of the first software program with the token; and step (d) comprises the first software program sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token.

18. The invention of claim 11 , wherein the first computer comprises: a software program adapted to interface with the second computer; and a packet inspector adapted (i) to receive packets from the software program, (ii) to forward the packets to the second computer, and (iii) to selectively modify one or more of the packets prior to forwarding the packets to the second computer.

19. The invention of claim 18 , wherein: step (a) comprises the software program receiving the information for performing the transaction, including the confidential information; step (b) comprises: (b1) the packet inspector receiving one or more packets of data from the software program, including the confidential information; and (b2) the packet inspector sending the confidential information to the third computer; step (c) comprises: (c1) the packet inspector receiving the token from the third computer; and (c2) the packet inspector modifying the one or more packets of data by replacing the confidential information in the one or more packets of data with the token; and step (d) comprises the packet inspector sending to the second computer the one or more modified packets of data, wherein the one or more modified packets of data include (i) the information for performing the transaction, except for the confidential information, and (ii) the token.

20. The invention of claim 18 , wherein the packet inspector is a dedicated hardware appliance having a processor different from a processor executing the software program.

21. A non-transitory machine-readable storage medium, having encoded thereon program code, wherein, when the program code is executed by a machine, the machine implements a method for preventing the transmission of confidential information from a first computer and a second computer in communication with the first computer, the method comprising the steps of: (a) the first computer receiving information for performing a transaction, the information including confidential information manually entered by a user; (b) the first computer sending the confidential information to a third computer, wherein step (b) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); (c) the first computer receiving, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein step (c) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); and (d) the first computer sending to the second computer (i) the information for performing the transaction, except for the confidential information, and (ii) the token, wherein step (d) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).

22. A first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer, the method comprising the steps of: (a) the first computer inspecting an entry field of a window of a software program to determine whether the entry field includes confidential information; (b) if the entry field includes confidential information, then (b1) the first computer sending the confidential information to a third computer, wherein substep (b1) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS), and (b2) the first computer receiving, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein substep (b2) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); and (c) the first computer replacing the confidential information in the entry field of the window of the software program with the token, wherein step (c) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).

23. A first-computer-implemented method for preventing the transmission of confidential information between a first computer and a second computer in communication with the first computer, the method comprising the steps of: (a) the first computer receiving one or more packets of data from the first computer; (b) the first computer inspecting the one or more packets of data to determine whether the one or more packets of data include confidential information; (c) if the one or more packets of data include confidential information, then (c1) the first computer sending the confidential information to a third computer, wherein substep (c1) is performed without storing, processing, or sending to the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS), and (c2) the first computer receiving, from the third computer, a token from which the confidential information cannot be derived without knowledge of an association made by the third computer between the confidential information and the token, wherein substep (c2) is performed without storing, processing, or receiving from the third computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS); (d) the first computer modifying the one or more packets of data by replacing the confidential information in the one or more packets of data with the token; and (e) the first computer forwarding the one or more modified packets of data to the second computer, wherein step (e) is performed without storing, processing, or sending to the second computer any information that, in combination with the confidential information, would require the first computer to comply with any portion of the payment-card industry data-security standard (PCI DSS).